The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.
With rapidly growing technology, it has become possible to use a single device, popularly known as a smart device, which allows a user to perform a variety of functions like communication, data transfer and management, banking operations and transactions, to name a few. Such smart devices like smart phones, computer systems, laptops etc., are required to support multiple application programs to perform the desired variety of functions and contain several confidential and private information of the user. Owing to their versatile nature, there has been a tremendous growth in the usage of smart devices in recent years, however, along with that a need has arisen to provide for a greater depth of security and privacy protection of the arsenal of sensitive information stored therein.
The current security measures to safeguard such sensitive data has not been sufficient in preventing unauthorized attackers. For rendering security enhancements and assessing, if the user of a device is legitimate/authorized, the existing authentication and access control systems depend upon user's secrets such as passwords and/or physical tokens. The tokens that are used today are easily lost or stolen in the world of hacking, malwares, bugs and many other vulnerable attacks. The passwords in turn are cumbersome to maintain and so in many instances actions are taken which compromise their security, like using a common password for multiple applications, writing down passwords in planners or notebooks, using non-secure character strings such as names or birth dates. The tokens and passwords do not represent true end-to-end authentication as compared to human-to-machine.
True authentication requires a physiological biometric template of the user. Biometrics uniquely identifies a user with extremely sensitive and personal piece of information and provides a secure managed (protected) computing environment for authentication. Considering that various biometric identification of a user like retinal or iris scans, facial features, voiceprints, fingerprints, hand geometry, are specific to every individual, it can be effectively used to protect and secure sensitive information on any device and therefore, it provides an ambit of comfort with the users to use the biometric identifications to securely access their smart devices system. However, currently used biometric authentication procedures in smart devices suffer from several shortcomings. The process of identifying whether the user is authorized or not, requires the user to explicitly call for an authentication or request auto-setting to run before using the device. This requires an active role of the user in the authentication process, which puts a dent on seamless user experience. Further, the biometric system provides security at a higher i.e. phone level but it does not protect individual applications carrying sensitive data. In cases, where security measures have been attempted for application level protection, there is no way to protect the information from an attack, after an initial authentication of the application by the authorized user. Another significant drawback of the existing security systems is that it does not discover the source of attack or identify the attacker.
Hence, in light of the aforementioned, but not limited thereto, it can be concluded that the existing authentication solutions are not sufficient to provide continuous monitoring of the use of smart devices once logged into through biometric authentication process. There is clearly a long felt need to overcome said shortcomings associated with the existing art and this need has been met with by the present disclosure.
The information disclosed in this section is only for enhancement of understanding of the general background of the disclosure. The approaches described herein are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section, qualify as prior art merely by virtue of their inclusion in this section nor should they be taken as an acknowledgement or any form of suggestion that this information is already known to a person skilled in the art.